Detecting IoT Botnet Attacks Using Machine Learning Methods


International Conference on Information Security and Cryptology (ISCTURKEY), ELECTR NETWORK, 3 - 04 December 2020, pp.31-37 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/iscturkey51113.2020.9307994
  • Page Numbers: pp.31-37
  • Keywords: IoT Botnets, N-Balor DDOS Attacks, Machine Learning, Cyber Security
  • Gazi University Affiliated: Yes


Today, with the technological developments, the use of internet connected devices is increasing. It is a fact that life has become easier with the "Internet of Things (IoT), which contributes to the simultaneous operation of these devices with each other. IoT is a technology that designs and does the things people need to do - within a program - and increases the comfort of the user. All the advantages of IoT devices are valid as long as they work correctly and securely. However, when these devices do not work properly and securely or are abused by someone, their advantages as well as disadvantages emerge. The best example of this is the IoT-based Botnet attacks in 2016. Machine learning methods are used to prevent IoT-based attacks and planned attacks. The aim of this study is to detect the normal network traffic and attack traffic with high accuracy by using machine learning methods. The data set used is the N-BaIoT Provision 737E security camera data set, which includes normal network traffic and attack network traffic, and has been used in the literature. Machine learning has been carried out using this data set. The study was carried out in two ways, with and without supervision. EM (Expectation Maximization) algorithm was used while performing unsupervised learning and 76.73% success was achieved. In the application performed with supervised learning, the decision tree (J48) algorithm was used and 99.95% success was achieved. The application was carried out with the Weka 3.8 program.