Popoola, Segun I (2022) Federated deep learning for botnet attack detection in IoT networks. Doctoral thesis (PhD), Manchester Metropolitan University.
Available under License Creative Commons Attribution Non-commercial No Derivatives.
Abstract
The wide adoption of the Internet of Things (IoT) technology in various critical infrastructure sectors has attracted the attention of cyber attackers. They exploit the vulnerabilities in IoT to form a network of compromised devices, known as a botnet, which is used to launch sophisticated cyber-attacks against the connected critical infrastructure. Recently, researchers have widely explored the potential of Machine Learning (ML) and Deep Learning (DL) to detect botnet attacks in IoT networks. However, there are still some challenges that need to be addressed in this area, which include the determination of optimal model hyperparameters, low classification performance due to imbalanced sample distribution in the training set, high memory space requirement for network traffic data storage, inability to detect zero-day attacks, and lack of data privacy. In order to address these problems, a Federated Deep Learning (FDL) method is developed for botnet attack detection in IoT-enabled critical infrastructure. First, a hyperparameter optimisation method is developed for DL-based botnet attack detection in IoT networks to achieve high classification performance. The effectiveness of the method is evaluated using the Bot-IoT and N-BaIoT datasets, and the DL models achieved 99.99 ± 0.02% accuracy, 97.85 ± 3.77% precision, 98.72 ± 2.77% recall, and 97.72 ± 4.51% F1 score. Then, an oversampling algorithm is combined with DL models to improve the classification performance when the training data is highly imbalanced, without any significant increase in the overall computation time. This method improved the precision, recall, and F1 score of the DL models by 1.66-13.23%. Furthermore, a hybrid DL method is developed to reduce the amount of memory space required to store the network traffic data. This method reduced the memory space requirement for DL-based botnet attack detection by 86.45-98.26%.
Finally, an FDL method, which also employed the hyperparameter optimisation, class balance, and memory space reduction methods, is developed to detect zero-day botnet attacks in IoT edge nodes, while preserving the data privacy of IoT users. The FDL models achieved high classification performance, and they had low communication overhead and low network latency.