Multi-objective Particle Swarm Optimization for Botnet Detection in Internet of Things

Part of the book series: Algorithms for Intelligent Systems (AIS)

Abstract

Nowadays, the world is witnessing immense growth in Internet of things devices. Such devices are found in smart homes, wearable devices, retail, health care, industry, and transportation. As we enter the Internet of things (IoT) digital era, IoT devices not only hack our world, but also start to hack our personal life. The widespread use of IoT has created a rich platform for potential IoT cyberattacks. Data mining and machine learning techniques have significant roles in the field of IoT botnet detection. The aim of this chapter is to develop a detection model based on multi-objective particle swarm optimization (MOPSO) for identifying malicious behaviors in IoT network traffic. The performance of MOPSO is verified against the multi-objective non-dominated sorting genetic algorithm (NSGA-II), common traditional machine learning algorithms, and some conventional filter-based feature selection methods. According to the obtained results, MOPSO is competitive and outperforms NSGA-II, traditional machine learning methods, and filter-based methods in most of the studied datasets.

Corresponding author

Correspondence to Seyedali Mirjalili.

Appendix

1.1 IoT Datasets

| Dataset | Class | | No. of instances | Rate (%) |
|---|---|---|---|---|
| Security camera XCS7_1003 | Normal | | 19,529 | 2.40 |
| | Mirai botnet | ACK flooding | 107,188 | 13.15 |
| | | Scan | 43,675 | 5.36 |
| | | SYN flooding | 122,480 | 15.02 |
| | | UDP flooding | 157,085 | 19.27 |
| | | UDP plain flooding | 48,837 | 5.99 |
| | | Sum | 479,265 | 58.79 |
| | Gafgyt botnet | Combo (spam data) | 59,399 | 7.29 |
| | | Junk (spam data) | 27,414 | 3.36 |
| | | Scan | 28,573 | 3.50 |
| | | TCP flooding | 98,076 | 12.03 |
| | | UDP flooding | 102,981 | 12.63 |
| | | Sum | 316,443 | 38.82 |
| | Total sum | | 815,237 | 100.00 |

| Dataset | Class | | No. of instances | Rate (%) |
|---|---|---|---|---|
| Baby monitor (Philips_B120N10) | Normal | | 175,241 | 15.95 |
| | Mirai botnet | ACK flooding | 91,124 | 8.29 |
| | | Scan | 103,622 | 9.43 |
| | | SYN flooding | 118,129 | 10.75 |
| | | UDP flooding | 217,035 | 19.75 |
| | | UDP plain flooding | 80,809 | 7.36 |
| | | Sum | 610,719 | 55.59 |
| | Gafgyt botnet | Combo (spam data) | 58,153 | 5.29 |
| | | Junk (spam data) | 28,350 | 2.58 |
| | | Scan | 27,860 | 2.54 |
| | | TCP flooding | 92,582 | 8.43 |
| | | UDP flooding | 105,783 | 9.63 |
| | | Sum | 312,728 | 28.46 |
| | Total sum | | 1,098,688 | 100.00 |
| Danmini doorbell | Normal | | 49,549 | 4.87 |
| | Mirai botnet | ACK flooding | 102,196 | 10.04 |
| | | Scan | 107,686 | 10.57 |
| | | SYN flooding | 122,574 | 12.04 |
| | | UDP flooding | 237,666 | 23.34 |
| | | UDP plain flooding | 81,983 | 8.05 |
| | | Sum | 652,105 | 64.04 |
| | Gafgyt botnet | Combo (spam data) | 59,719 | 5.86 |
| | | Junk (spam data) | 29,069 | 2.85 |
| | | Scan | 29,850 | 2.93 |
| | | TCP flooding | 92,142 | 9.05 |
| | | UDP flooding | 105,875 | 10.40 |
| | | Sum | 316,655 | 31.10 |
| | Total sum | | 1,018,309 | 100.00 |

| Dataset | Class | | No. of instances | Rate (%) |
|---|---|---|---|---|
| Ennio doorbell | Normal | | 39,101 | 11.00 |
| | Mirai botnet | ACK flooding | 0 | 0.00 |
| | | Scan | 0 | 0.00 |
| | | SYN flooding | 0 | 0.00 |
| | | UDP flooding | 0 | 0.00 |
| | | UDP plain flooding | 0 | 0.00 |
| | | Sum | 0 | 0.00 |
| | Gafgyt botnet | Combo (spam data) | 53,015 | 14.91 |
| | | Junk (spam data) | 29,798 | 8.38 |
| | | Scan | 28,121 | 7.91 |
| | | TCP flooding | 101,537 | 28.56 |
| | | UDP flooding | 103,934 | 29.24 |
| | | Sum | 316,405 | 89.00 |
| | Total sum | | 355,506 | 100.00 |
| Ecobee thermostat | Normal | | 13,114 | 1.57 |
| | Mirai botnet | ACK flooding | 113,286 | 13.55 |
| | | Scan | 43,193 | 5.17 |
| | | SYN flooding | 116,808 | 13.97 |
| | | UDP flooding | 151,482 | 18.12 |
| | | UDP plain flooding | 87,369 | 10.45 |
| | | Sum | 512,138 | 61.27 |
| | Gafgyt botnet | Combo (spam data) | 53,013 | 6.34 |
| | | Junk (spam data) | 30,313 | 3.63 |
| | | Scan | 27,495 | 3.29 |
| | | TCP flooding | 95,022 | 11.37 |
| | | UDP flooding | 104,792 | 12.54 |
| | | Sum | 310,635 | 37.16 |
| | Total sum | | 835,887 | 100.00 |

| Dataset | Class | | No. of instances | Rate (%) |
|---|---|---|---|---|
| Samsung webcam (SNH_1011_N) | Normal | | 52,151 | 13.90 |
| | Mirai botnet | ACK flooding | 0 | 0.00 |
| | | Scan | 0 | 0.00 |
| | | SYN flooding | 0 | 0.00 |
| | | UDP flooding | 0 | 0.00 |
| | | UDP plain flooding | 0 | 0.00 |
| | | Sum | 0 | 0.00 |
| | Gafgyt botnet | Combo (spam data) | 58,670 | 15.64 |
| | | Junk (spam data) | 28,306 | 7.54 |
| | | Scan | 27,699 | 7.38 |
| | | TCP flooding | 97,784 | 26.06 |
| | | UDP flooding | 110,618 | 29.48 |
| | | Sum | 323,077 | 86.10 |
| | Total sum | | 375,228 | 100.00 |
| Security camera PT_737E | Normal | | 62,155 | 7.50 |
| | Mirai botnet | ACK flooding | 60,555 | 7.31 |
| | | Scan | 96,782 | 11.68 |
| | | SYN flooding | 65,747 | 7.94 |
| | | UDP flooding | 156,249 | 18.86 |
| | | UDP plain flooding | 56,682 | 6.84 |
| | | Sum | 436,015 | 52.64 |
| | Gafgyt botnet | Combo (spam data) | 61,381 | 7.41 |
| | | Junk (spam data) | 30,899 | 3.73 |
| | | Scan | 29,298 | 3.54 |
| | | TCP flooding | 104,511 | 12.62 |
| | | UDP flooding | 104,012 | 12.56 |
| | | Sum | 330,101 | 39.85 |
| | Total sum | | 828,271 | 100.00 |

| Dataset | Class | | No. of instances | Rate (%) |
|---|---|---|---|---|
| Security camera PT_838 | Normal | | 98,515 | 11.77 |
| | Mirai botnet | ACK flooding | 57,998 | 6.93 |
| | | Scan | 97,097 | 11.60 |
| | | SYN flooding | 61,852 | 7.39 |
| | | UDP flooding | 158,609 | 18.95 |
| | | UDP plain flooding | 53,786 | 6.43 |
| | | Sum | 429,342 | 51.30 |
| | Gafgyt botnet | Combo (spam data) | 57,531 | 6.87 |
| | | Junk (spam data) | 29,069 | 3.47 |
| | | Scan | 28,398 | 3.39 |
| | | TCP flooding | 89,388 | 10.68 |
| | | UDP flooding | 104,659 | 12.51 |
| | | Sum | 309,045 | 36.93 |
| | Total sum | | 836,902 | 100.00 |
| Security camera XCS7_1002 | Normal | | 46,586 | 5.62 |
| | Mirai botnet | ACK flooding | 107,188 | 12.93 |
| | | Scan | 43,675 | 5.27 |
| | | SYN flooding | 122,480 | 14.77 |
| | | UDP flooding | 157,085 | 18.95 |
| | | UDP plain flooding | 48,837 | 5.89 |
| | | Sum | 479,265 | 57.81 |
| | Gafgyt botnet | Combo (spam data) | 54,284 | 6.55 |
| | | Junk (spam data) | 28,580 | 3.45 |
| | | Scan | 27,826 | 3.36 |
| | | TCP flooding | 88,817 | 10.71 |
| | | UDP flooding | 103,721 | 12.51 |
| | | Sum | 303,228 | 36.57 |
| | Total sum | | 829,079 | 100.00 |

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Habib, M., Aljarah, I., Faris, H., Mirjalili, S. (2020). Multi-objective Particle Swarm Optimization for Botnet Detection in Internet of Things. In: Mirjalili, S., Faris, H., Aljarah, I. (eds) Evolutionary Machine Learning Techniques. Algorithms for Intelligent Systems. Springer, Singapore. https://doi.org/10.1007/978-981-32-9990-0_10
