Towards situational awareness of botnet activity in the internet of things.
Date
2018-06-11
Author
McDermott, Christopher D.
Petrovski, Andrei
Majdani, Farzan
Citation
MCDERMOTT, C.D., PETROVSKI, A.V. and MAJDANI, F. 2018. Towards situational awareness of botnet activity in the internet of things. Presented at the Cyber situation awareness conference 2018 (Cyber SA 2018): cyber situation awareness as a tool for analysis and insight, 11-12 June 2018, Glasgow, UK.
Abstract
An IoT botnet detection model is designed to detect anomalous attack traffic utilised by the Mirai botnet malware. The model uses a novel application of Deep Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN), in conjunction with Word Embedding, to convert string data found in captured packets into a format usable by the BLSTM-RNN. In doing so, this paper presents a solution to the problem of detecting and making consumers situationally aware when their IoT devices are infected and form part of a botnet. The proposed model addresses the issue of detection, and returns high accuracy and low loss metrics for four attack vectors used by the Mirai botnet malware, with only one attack vector shown to be difficult to detect and predict. A labelled dataset was generated and used for all experiments, to test and validate the accuracy and data loss in the detection model. This dataset is available upon request.