      IoTDS: A One-Class Classification Approach to Detect Botnets in Internet of Things Devices


          Abstract

          Internet of Things (IoT) devices have become increasingly widespread. Despite their potential of improving multiple application domains, these devices have poor security, which can be explored by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding the manual labelling process. The proposed solution is underpinned by a novel agent-manager architecture based on HTTPS, which prevents the IoT device from being overloaded by the training activities. To analyse the device’s behaviour, the approach extracts features from the device’s CPU utilisation and temperature, memory consumption, and number of running tasks, meaning that it does not make use of network traffic data. To test our approach, we used an experimental IoT setup containing a device compromised by bot malware. Multiple scenarios were made, including three different IoT device profiles and seven botnets. Four one-class algorithms (Elliptic Envelope, Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine) were evaluated. The results show the proposed system has a good predictive performance for different botnets, achieving a mean F1-score of 94% for the best performing algorithm, the Local Outlier Factor. The system also presented a low impact on the device’s energy consumption, and CPU and memory utilisation.
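
The one-class idea described in the abstract, as an added example (not code from the paper or from IoTDS): a minimal pure-Python Local Outlier Factor in novelty mode, fitted only on legitimate host telemetry and then used to score new samples. The baseline readings, `K`, `THRESHOLD` and all class and function names are assumptions constructed for illustration.

```python
import math
from statistics import mean, pstdev

K = 10            # neighbours considered (assumed value, not from the paper)
THRESHOLD = 1.5   # LOF score above this is flagged (assumed value)

def make_scaler(rows):
    """Z-score scaler fitted on the legitimate baseline only."""
    cols = list(zip(*rows))
    mu = [mean(c) for c in cols]
    sd = [pstdev(c) or 1.0 for c in cols]
    return lambda r: tuple((x - m) / s for x, m, s in zip(r, mu, sd))

class LOFNovelty:
    def __init__(self, train, k=K):
        self.k, self.scale = k, make_scaler(train)
        self.X = [self.scale(r) for r in train]
        # k nearest neighbours of every training point, excluding itself
        self.nn = [self._knn(p, skip=i) for i, p in enumerate(self.X)]
        self.kdist = [n[-1][0] for n in self.nn]       # distance to k-th neighbour
        self.lrd = [self._lrd(n) for n in self.nn]

    def _knn(self, p, skip=None):
        d = [(math.dist(p, q), j) for j, q in enumerate(self.X) if j != skip]
        return sorted(d)[:self.k]

    def _lrd(self, neigh):
        # local reachability density: inverse of the mean reachability distance
        return 1.0 / mean(max(self.kdist[j], d) for d, j in neigh)

    def score(self, row):
        """LOF of an unseen sample: about 1 inside the baseline, much larger outside it."""
        neigh = self._knn(self.scale(row))
        return mean(self.lrd[j] for _, j in neigh) / self._lrd(neigh)

    def is_anomalous(self, row):
        return self.score(row) > THRESHOLD

# Constructed baseline: (CPU %, temperature C, memory %, running tasks)
BASELINE = [(10 + i * 7 % 13, 45 + (i * 5 % 7) * 0.5, 30 + i * 3 % 11, 90 + i % 5)
            for i in range(60)]
NORMAL_SAMPLE = (16, 46.5, 35, 92)       # constructed, inside the baseline
DEVIATING_SAMPLE = (95, 68.0, 70, 130)   # constructed, sustained load on every metric

if __name__ == "__main__":
    model = LOFNovelty(BASELINE)
    for s in (NORMAL_SAMPLE, DEVIATING_SAMPLE):
        print(s, round(model.score(s), 2), model.is_anomalous(s))
```

Because the scaler and neighbour graph are built only from legitimate readings, no labelled malicious data is needed; the threshold trades false positives against missed deviations and has to be tuned per device profile.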

                Author and article information

                Journal
                Sensors (Basel, Switzerland)
                MDPI
                1424-8220
                19 July 2019
                Volume: 19
                Issue: 14
                Affiliations
                [1] Computer Science Department, State University of Londrina (UEL), Londrina PR 86057-970, Brazil
                [2] School of Computer Science, Federal University of Uberlândia (UFU), Uberlândia MG 38400-902, Brazil
                Author notes
                [*] Correspondence: brunozarpelao@ 123456uel.br; Tel.: +55-43-3371-5100
                Article
                sensors-19-03188
                10.3390/s19143188
                6679338
                31331071
                © 2019 by the authors.

                Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

                Categories
                Article

                Biomedical engineering

                internet of things, botnet, anomaly detection, host-based
