Issue | ITM Web Conf. Volume 63, 2024. 1st International Conference on Advances in Machine Intelligence, and Cybersecurity Technologies (AMICT2023) |
---|---|
Article Number | 01019 |
Number of page(s) | 13 |
DOI | https://doi.org/10.1051/itmconf/20246301019 |
Published online | 13 February 2024 |

Detection of Botnet in the IoT Network

1 FAST School of Computing, National University of Computer and Emerging Sciences, Karachi 75030, Pakistan
2 Faculty of Computing and Informatics, Universiti Malaysia Sabah, Jalan UMS, Kota Kinabalu 88400, Sabah, Malaysia
3 Cyber Security Research Lab, Faculty of Computing and Informatics, Universiti Malaysia Sabah, Jalan UMS, Kota Kinabalu 88400, Sabah, Malaysia
4 School of Engineering Technology and Applied Science, Centennial College, Toronto, Ontario, Canada
5 Faculty of Islamic Technology, University Islam Sultan Sharif Ali, Brunei Darussalam

* Corresponding author: shjamil@ums.edu.my
The ubiquity of Internet of Things (IoT) devices has prompted security concerns, particularly in the face of evolving botnet attacks. This paper investigates the impact of botnet attacks on IoT devices and proposes a network-based detection and prevention system employing signature and anomaly-based mechanisms. Notably, our methodology extends beyond traditional detection, focusing on proactively impeding bot creation. Leveraging a Linux-based distributed system, Security Information and Event Management (SIEM) tools, and custom rules, our approach encompasses distinct phases: Preprocessing, Network Security Monitoring, Rule-based IDS System, and Analysis. Experimental results with diverse PCAP files demonstrate the efficacy of custom rules, significantly enhancing alert counts for various security aspects, including network trojan detection and privacy violations. The significant finding is the substantial increase in alert counts after the integration of custom rules, exemplified in the 1.1 GB PCAP file scenario. Network trojan detection surged from 585 to 988, emphasizing the heightened efficacy of rule-based measures. Privacy breaches and bad traffic alerts also experienced significant increments, showcasing the system’s improved sensitivity and responsiveness. This finding reinforces the pivotal role of custom rules in fortifying IoT network security comprehensively.
© The Authors, published by EDP Sciences, 2024
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.