Developing a hybrid feature selection method to detect botnet attacks in IoT devices.

The Internet of Things, or IoT, is an important technology applied in various applications such as smart homes and innovative healthcare. Due to its architecture, IoT-based devices suffer from various security challenges, most commonly, botnet attacks. This article aims to develop a hybrid feature selection method to find the most influential features based on three feature selection methods, correlation, generalized normal distribution optimization, and lasso, to detect botnet attacks in IoT devices. The UNSW-NB15 dataset is used to assess the proposed system. Several classification models including decision tree (DT), random forest (RF), k-nearest neighbors (KNN), adaptive boosting (AdaBoost), and bagging are utilized for the classification purpose. The proposed system was evaluated using several performance metrics. The results showed the correlation feature selection method had the most accurate botnet attack detection rate. RF also outperformed other models with a 95.11% detection rate in binary classification and 83.96% in multi-classification. On the other hand, results showed that the proposed hybrid method outperformed the feature selection methods with an increase of about 3% in both classifications. The AdaBoost model achieved an accuracy of 99.28% with binary classification by using 18 features, and the RF model achieved an accuracy of 86.62% with multi-classification by using 22 features. The robustness and efficacy of the proposed approach were demonstrated by comparing the study’s results with several other studies that have used the same dataset. The results of the study can be implemented in real applications to detect network interference of a dynamic nature in real-time and assist intrusion detection systems (IDS) in addressing these attacks. [ABSTRACT FROM AUTHOR]

Copyright of Kuwait Journal of Science is the property of Kuwait University, Academic Publication Council and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)