Abstract
The world is witnessing immense growth in Internet of things (IoT) devices. Such devices are found in smart homes, wearables, retail, health care, industry, and transportation. As we enter the IoT digital era, IoT devices not only hack our world, but also start to hack our personal lives. The widespread adoption of IoT has created a rich platform for potential IoT cyberattacks. Data mining and machine learning techniques play significant roles in the field of IoT botnet detection. The aim of this chapter is to develop a detection model based on multi-objective particle swarm optimization (MOPSO) for identifying malicious behaviors in IoT network traffic. The performance of MOPSO is verified against the multi-objective non-dominating sorting genetic algorithm (NSGA-II), common traditional machine learning algorithms, and some conventional filter-based feature selection methods. According to the obtained results, MOPSO is competitive and outperforms NSGA-II, traditional machine learning methods, and filter-based methods on most of the studied datasets.
Appendix
1.1 IoT Datasets
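Dataset | Class | Attack type | No. of instances | Rate (%)
---|---|---|---|---
Security camera XCS7_1003 | Normal | | 19,529 | 2.40
Security camera XCS7_1003 | Mirai botnet | ACK flooding | 107,188 | 13.15
Security camera XCS7_1003 | Mirai botnet | Scan | 43,675 | 5.36
Security camera XCS7_1003 | Mirai botnet | SYN flooding | 122,480 | 15.02
Security camera XCS7_1003 | Mirai botnet | UDP flooding | 157,085 | 19.27
Security camera XCS7_1003 | Mirai botnet | UDP plain flooding | 48,837 | 5.99
Security camera XCS7_1003 | Mirai botnet | Sum | 479,265 | 58.79
Security camera XCS7_1003 | Gafgyt botnet | Combo (spam data) | 59,399 | 7.29
Security camera XCS7_1003 | Gafgyt botnet | Junk (spam data) | 27,414 | 3.36
Security camera XCS7_1003 | Gafgyt botnet | Scan | 28,573 | 3.50
Security camera XCS7_1003 | Gafgyt botnet | TCP flooding | 98,076 | 12.03
Security camera XCS7_1003 | Gafgyt botnet | UDP flooding | 102,981 | 12.63
Security camera XCS7_1003 | Gafgyt botnet | Sum | 316,443 | 38.82
Security camera XCS7_1003 | Total sum | | 815,237 | 100.00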
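Dataset | Class | Attack type | No. of instances | Rate (%)
---|---|---|---|---
Baby monitor (Philips_B120N10) | Normal | | 175,241 | 15.95
Baby monitor (Philips_B120N10) | Mirai botnet | ACK flooding | 91,124 | 8.29
Baby monitor (Philips_B120N10) | Mirai botnet | Scan | 103,622 | 9.43
Baby monitor (Philips_B120N10) | Mirai botnet | SYN flooding | 118,129 | 10.75
Baby monitor (Philips_B120N10) | Mirai botnet | UDP flooding | 217,035 | 19.75
Baby monitor (Philips_B120N10) | Mirai botnet | UDP plain flooding | 80,809 | 7.36
Baby monitor (Philips_B120N10) | Mirai botnet | Sum | 610,719 | 55.59
Baby monitor (Philips_B120N10) | Gafgyt botnet | Combo (spam data) | 58,153 | 5.29
Baby monitor (Philips_B120N10) | Gafgyt botnet | Junk (spam data) | 28,350 | 2.58
Baby monitor (Philips_B120N10) | Gafgyt botnet | Scan | 27,860 | 2.54
Baby monitor (Philips_B120N10) | Gafgyt botnet | TCP flooding | 92,582 | 8.43
Baby monitor (Philips_B120N10) | Gafgyt botnet | UDP flooding | 105,783 | 9.63
Baby monitor (Philips_B120N10) | Gafgyt botnet | Sum | 312,728 | 28.46
Baby monitor (Philips_B120N10) | Total sum | | 1,098,688 | 100.00
Danmini doorbell | Normal | | 49,549 | 4.87
Danmini doorbell | Mirai botnet | ACK flooding | 102,196 | 10.04
Danmini doorbell | Mirai botnet | Scan | 107,686 | 10.57
Danmini doorbell | Mirai botnet | SYN flooding | 122,574 | 12.04
Danmini doorbell | Mirai botnet | UDP flooding | 237,666 | 23.34
Danmini doorbell | Mirai botnet | UDP plain flooding | 81,983 | 8.05
Danmini doorbell | Mirai botnet | Sum | 652,105 | 64.04
Danmini doorbell | Gafgyt botnet | Combo (spam data) | 59,719 | 5.86
Danmini doorbell | Gafgyt botnet | Junk (spam data) | 29,069 | 2.85
Danmini doorbell | Gafgyt botnet | Scan | 29,850 | 2.93
Danmini doorbell | Gafgyt botnet | TCP flooding | 92,142 | 9.05
Danmini doorbell | Gafgyt botnet | UDP flooding | 105,875 | 10.40
Danmini doorbell | Gafgyt botnet | Sum | 316,655 | 31.10
Danmini doorbell | Total sum | | 1,018,309 | 100.00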
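Dataset | Class | Attack type | No. of instances | Rate (%)
---|---|---|---|---
Ennio doorbell | Normal | | 39,101 | 11.00
Ennio doorbell | Mirai botnet | ACK flooding | 0 | 0.00
Ennio doorbell | Mirai botnet | Scan | 0 | 0.00
Ennio doorbell | Mirai botnet | SYN flooding | 0 | 0.00
Ennio doorbell | Mirai botnet | UDP flooding | 0 | 0.00
Ennio doorbell | Mirai botnet | UDP plain flooding | 0 | 0.00
Ennio doorbell | Mirai botnet | Sum | 0 | 0.00
Ennio doorbell | Gafgyt botnet | Combo (spam data) | 53,015 | 14.91
Ennio doorbell | Gafgyt botnet | Junk (spam data) | 29,798 | 8.38
Ennio doorbell | Gafgyt botnet | Scan | 28,121 | 7.91
Ennio doorbell | Gafgyt botnet | TCP flooding | 101,537 | 28.56
Ennio doorbell | Gafgyt botnet | UDP flooding | 103,934 | 29.24
Ennio doorbell | Gafgyt botnet | Sum | 316,405 | 89.00
Ennio doorbell | Total sum | | 355,506 | 100.00
Ecobee thermostat | Normal | | 13,114 | 1.57
Ecobee thermostat | Mirai botnet | ACK flooding | 113,286 | 13.55
Ecobee thermostat | Mirai botnet | Scan | 43,193 | 5.17
Ecobee thermostat | Mirai botnet | SYN flooding | 116,808 | 13.97
Ecobee thermostat | Mirai botnet | UDP flooding | 151,482 | 18.12
Ecobee thermostat | Mirai botnet | UDP plain flooding | 87,369 | 10.45
Ecobee thermostat | Mirai botnet | Sum | 512,138 | 61.27
Ecobee thermostat | Gafgyt botnet | Combo (spam data) | 53,013 | 6.34
Ecobee thermostat | Gafgyt botnet | Junk (spam data) | 30,313 | 3.63
Ecobee thermostat | Gafgyt botnet | Scan | 27,495 | 3.29
Ecobee thermostat | Gafgyt botnet | TCP flooding | 95,022 | 11.37
Ecobee thermostat | Gafgyt botnet | UDP flooding | 104,792 | 12.54
Ecobee thermostat | Gafgyt botnet | Sum | 310,635 | 37.16
Ecobee thermostat | Total sum | | 835,887 | 100.00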
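Dataset | Class | Attack type | No. of instances | Rate (%)
---|---|---|---|---
Samsung webcam (SNH_1011_N) | Normal | | 52,151 | 13.90
Samsung webcam (SNH_1011_N) | Mirai botnet | ACK flooding | 0 | 0.00
Samsung webcam (SNH_1011_N) | Mirai botnet | Scan | 0 | 0.00
Samsung webcam (SNH_1011_N) | Mirai botnet | SYN flooding | 0 | 0.00
Samsung webcam (SNH_1011_N) | Mirai botnet | UDP flooding | 0 | 0.00
Samsung webcam (SNH_1011_N) | Mirai botnet | UDP plain flooding | 0 | 0.00
Samsung webcam (SNH_1011_N) | Mirai botnet | Sum | 0 | 0.00
Samsung webcam (SNH_1011_N) | Gafgyt botnet | Combo (spam data) | 58,670 | 15.64
Samsung webcam (SNH_1011_N) | Gafgyt botnet | Junk (spam data) | 28,306 | 7.54
Samsung webcam (SNH_1011_N) | Gafgyt botnet | Scan | 27,699 | 7.38
Samsung webcam (SNH_1011_N) | Gafgyt botnet | TCP flooding | 97,784 | 26.06
Samsung webcam (SNH_1011_N) | Gafgyt botnet | UDP flooding | 110,618 | 29.48
Samsung webcam (SNH_1011_N) | Gafgyt botnet | Sum | 323,077 | 86.10
Samsung webcam (SNH_1011_N) | Total sum | | 375,228 | 100.00
Security camera PT_737E | Normal | | 62,155 | 7.50
Security camera PT_737E | Mirai botnet | ACK flooding | 60,555 | 7.31
Security camera PT_737E | Mirai botnet | Scan | 96,782 | 11.68
Security camera PT_737E | Mirai botnet | SYN flooding | 65,747 | 7.94
Security camera PT_737E | Mirai botnet | UDP flooding | 156,249 | 18.86
Security camera PT_737E | Mirai botnet | UDP plain flooding | 56,682 | 6.84
Security camera PT_737E | Mirai botnet | Sum | 436,015 | 52.64
Security camera PT_737E | Gafgyt botnet | Combo (spam data) | 61,381 | 7.41
Security camera PT_737E | Gafgyt botnet | Junk (spam data) | 30,899 | 3.73
Security camera PT_737E | Gafgyt botnet | Scan | 29,298 | 3.54
Security camera PT_737E | Gafgyt botnet | TCP flooding | 104,511 | 12.62
Security camera PT_737E | Gafgyt botnet | UDP flooding | 104,012 | 12.56
Security camera PT_737E | Gafgyt botnet | Sum | 330,101 | 39.85
Security camera PT_737E | Total sum | | 828,271 | 100.00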
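Dataset | Class | Attack type | No. of instances | Rate (%)
---|---|---|---|---
Security camera PT_838 | Normal | | 98,515 | 11.77
Security camera PT_838 | Mirai botnet | ACK flooding | 57,998 | 6.93
Security camera PT_838 | Mirai botnet | Scan | 97,097 | 11.60
Security camera PT_838 | Mirai botnet | SYN flooding | 61,852 | 7.39
Security camera PT_838 | Mirai botnet | UDP flooding | 158,609 | 18.95
Security camera PT_838 | Mirai botnet | UDP plain flooding | 53,786 | 6.43
Security camera PT_838 | Mirai botnet | Sum | 429,342 | 51.30
Security camera PT_838 | Gafgyt botnet | Combo (spam data) | 57,531 | 6.87
Security camera PT_838 | Gafgyt botnet | Junk (spam data) | 29,069 | 3.47
Security camera PT_838 | Gafgyt botnet | Scan | 28,398 | 3.39
Security camera PT_838 | Gafgyt botnet | TCP flooding | 89,388 | 10.68
Security camera PT_838 | Gafgyt botnet | UDP flooding | 104,659 | 12.51
Security camera PT_838 | Gafgyt botnet | Sum | 309,045 | 36.93
Security camera PT_838 | Total sum | | 836,902 | 100.00
Security camera XCS7_1002 | Normal | | 46,586 | 5.62
Security camera XCS7_1002 | Mirai botnet | ACK flooding | 107,188 | 12.93
Security camera XCS7_1002 | Mirai botnet | Scan | 43,675 | 5.27
Security camera XCS7_1002 | Mirai botnet | SYN flooding | 122,480 | 14.77
Security camera XCS7_1002 | Mirai botnet | UDP flooding | 157,085 | 18.95
Security camera XCS7_1002 | Mirai botnet | UDP plain flooding | 48,837 | 5.89
Security camera XCS7_1002 | Mirai botnet | Sum | 479,265 | 57.81
Security camera XCS7_1002 | Gafgyt botnet | Combo (spam data) | 54,284 | 6.55
Security camera XCS7_1002 | Gafgyt botnet | Junk (spam data) | 28,580 | 3.45
Security camera XCS7_1002 | Gafgyt botnet | Scan | 27,826 | 3.36
Security camera XCS7_1002 | Gafgyt botnet | TCP flooding | 88,817 | 10.71
Security camera XCS7_1002 | Gafgyt botnet | UDP flooding | 103,721 | 12.51
Security camera XCS7_1002 | Gafgyt botnet | Sum | 303,228 | 36.57
Security camera XCS7_1002 | Total sum | | 829,079 | 100.00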
© 2020 Springer Nature Singapore Pte Ltd.
Cite this chapter
Habib, M., Aljarah, I., Faris, H., Mirjalili, S. (2020). Multi-objective Particle Swarm Optimization for Botnet Detection in Internet of Things. In: Mirjalili, S., Faris, H., Aljarah, I. (eds) Evolutionary Machine Learning Techniques. Algorithms for Intelligent Systems. Springer, Singapore. https://doi.org/10.1007/978-981-32-9990-0_10
DOI: https://doi.org/10.1007/978-981-32-9990-0_10
Publisher Name: Springer, Singapore
Print ISBN: 978-981-32-9989-4
Online ISBN: 978-981-32-9990-0
eBook Packages: Intelligent Technologies and Robotics (R0)