Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques

Nickilaos Koroniotis 1, Nour Moustafa 1, Elena Sitnikova 1, Jill Slay 1
1 School of Engineering and Information Technology, University of New South Wales Canberra, Australia

Abstract. The IoT is a network of interconnected everyday objects, called “things”, that have been augmented with a small measure of computing capability. Lately, the IoT has been affected by a variety of botnet activities. Botnets have been the cause of serious security risks and financial damage over the years, yet existing network forensic techniques cannot identify and track the sophisticated methods of current botnets. This is because commercial tools mainly depend on signature-based approaches that cannot discover new forms of botnet. In the literature, several studies have used Machine Learning (ML) techniques to train and validate a model for defining such attacks, but they still produce high false alarm rates, and investigating the tracks of botnets remains a challenge. This paper investigates the role of ML techniques in developing a network forensic mechanism based on network flow identifiers that can track suspicious botnet activities. The experimental results using the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnets’ attacks and their tracks.

Keywords: Botnets, Attack investigation, Machine learning, Internet of Things (IoT)

1 Introduction

An increasingly popular new term is the Internet of Things (IoT). The concept of the IoT dates back to the early 1980s, when a vending machine selling Coca-Cola beverages located at Carnegie Mellon University was connected to the Internet so that its inventory could be accessed online to determine if drinks were available [33].
Today, the IoT is an umbrella term covering a multitude of devices and technologies that have Internet capabilities and also serve some primary function, such as home automation (including smart air conditioning systems, smart fridges, smart ovens and smart lamps), wearable devices (e.g., smart watches and fitness trackers), routers, healthcare devices, DVRs, smart cars, etc. In general, the IoT can be viewed as a collection of devices with low processing power and some form of network communication
