{"title":"Two-Stage Botnet Detection Method Based on Feature Selection for Industrial Internet of Things","authors":"Jian Shu, Jiazhong Lu","doi":"10.1049/ise2/9984635","DOIUrl":null,"url":null,"abstract":"<div>\n <p>Industrial control systems (ICSs) increasingly leverage the industrial internet of things (IIoTs) for sensor-based automation, enhancing operational efficiency. However, the rapid expansion of the IIoTs brings with it an inherent susceptibility to potential threats from network intrusions, which pose risks to both the network infrastructure and associated equipment. The landscape of botnets is characterized by its diverse array and intricate attack methodologies, spanning a broad spectrum. In recent years, the domain of industrial control has witnessed the emergence of botnets, further accentuating the need for robust security measures. Addressing the challenge of categorizing and detecting the diverse botnet attacks, this paper proposes a two-stage feature selection–based method for botnet detection. In the first stage, a spatiotemporal convolutional recurrent network is employed to construct a hybrid network capable of classifying benign traffic and identifying traffic originating from distinct botnet families. Subsequently, in the second stage, core features specific to the traffic of each botnet family are meticulously screened using the <i>F</i>-test. The identified features are then utilized to categorize the respective attack types through the application of extreme gradient boosting (XGBOOST). To evaluate the efficacy of the proposed method, we conducted experiments using the N-BaIoT dataset under 10 different attack scenarios from the Gafgyt and Mirai botnet families. The results demonstrate that our method achieves a classification accuracy and F1-score exceeding 99%, establishing it as the highest-performing model for botnet detection within this dataset.</p>\n </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2025-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9984635","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/ise2/9984635","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Industrial control systems (ICSs) increasingly leverage the industrial internet of things (IIoTs) for sensor-based automation, enhancing operational efficiency. However, the rapid expansion of the IIoTs brings with it an inherent susceptibility to potential threats from network intrusions, which pose risks to both the network infrastructure and associated equipment. The landscape of botnets is characterized by its diverse array and intricate attack methodologies, spanning a broad spectrum. In recent years, the domain of industrial control has witnessed the emergence of botnets, further accentuating the need for robust security measures. Addressing the challenge of categorizing and detecting the diverse botnet attacks, this paper proposes a two-stage feature selection–based method for botnet detection. In the first stage, a spatiotemporal convolutional recurrent network is employed to construct a hybrid network capable of classifying benign traffic and identifying traffic originating from distinct botnet families. Subsequently, in the second stage, core features specific to the traffic of each botnet family are meticulously screened using the F-test. The identified features are then utilized to categorize the respective attack types through the application of extreme gradient boosting (XGBOOST). To evaluate the efficacy of the proposed method, we conducted experiments using the N-BaIoT dataset under 10 different attack scenarios from the Gafgyt and Mirai botnet families. The results demonstrate that our method achieves a classification accuracy and F1-score exceeding 99%, establishing it as the highest-performing model for botnet detection within this dataset.
期刊介绍:
IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls.
Scope:
Access Control and Database Security
Ad-Hoc Network Aspects
Anonymity and E-Voting
Authentication
Block Ciphers and Hash Functions
Blockchain, Bitcoin (Technical aspects only)
Broadcast Encryption and Traitor Tracing
Combinatorial Aspects
Covert Channels and Information Flow
Critical Infrastructures
Cryptanalysis
Dependability
Digital Rights Management
Digital Signature Schemes
Digital Steganography
Economic Aspects of Information Security
Elliptic Curve Cryptography and Number Theory
Embedded Systems Aspects
Embedded Systems Security and Forensics
Financial Cryptography
Firewall Security
Formal Methods and Security Verification
Human Aspects
Information Warfare and Survivability
Intrusion Detection
Java and XML Security
Key Distribution
Key Management
Malware
Multi-Party Computation and Threshold Cryptography
Peer-to-peer Security
PKIs
Public-Key and Hybrid Encryption
Quantum Cryptography
Risks of using Computers
Robust Networks
Secret Sharing
Secure Electronic Commerce
Software Obfuscation
Stream Ciphers
Trust Models
Watermarking and Fingerprinting
Special Issues. Current Call for Papers:
Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
