A privacy-preserving botnet detection approach in largescale cooperative IoT environment

  • S.I.: IoT-based Health Monitoring System
Neural Computing and Applications

Abstract

With the development of the Internet of Things (IoT), modern life has been greatly facilitated, but the exponentially growing number of vulnerable devices also provides fertile ground for botnet controllers. However, existing detection approaches, developed for individual traditional network areas, neglect the cross-area privacy issue and the resource-constrained nature of IoT networks, which impedes their effectiveness in mitigating IoT botnets. In this work, we present a lightweight and privacy-preserving system, namely PPBotHunter, to detect botnets across multiple network areas. PPBotHunter implements a fuzzy matrix algorithm to achieve effective bot similarity computation while ensuring a high degree of privacy. This algorithm is designed based on a privacy-preserving scalar product computation technique (PPSPC), which enables PPBotHunter to be lightweight yet efficient. We use only time-series features to build the fuzzy matrices, which further improves compatibility, energy efficiency and resistance against heterogeneity. The theoretical analysis and detailed simulations illustrate the efficacy and effectiveness of our proposed botnet detection system.

Acknowledgements

This work was supported in part by the National Key R&D Program of China (No. 2018YFB2004200), the National Science Foundation of China (No. 61872100) and the State Grid Corporation of China Co., Ltd technology project (No. 5700-202155185A-00-00).

Author information

Corresponding authors

Correspondence to Xi Luo or Lihua Yin.

Ethics declarations

Conflict of interest

I declare on behalf of all co-authors that there exists no conflict of interest.

About this article

Cite this article

Li, Y., Zhu, M., Luo, X. et al. A privacy-preserving botnet detection approach in largescale cooperative IoT environment. Neural Comput & Applic 35, 13725–13737 (2023). https://doi.org/10.1007/s00521-022-06934-x

  • DOI: https://doi.org/10.1007/s00521-022-06934-x
