Honeypot Coupled Machine Learning Model for Botnet Detection and Classification in IoT Smart Factory – An Investigation

Abstract

In the United States, the manufacturing ecosystem is rebuilt and developed through innovation with the promotion of AMP 2.0. For this reason, the industry has spurred the development of 5G, Artificial Intelligence (AI), and Machine Learning (ML) technologies which is being applied on the smart factories to integrate production process management, product service and distribution, collaboration, and customized production requirements. These smart factories need to effectively solve security problems with a high detection rate for a smooth operation. However, number of security related cases occurring in the smart factories has been increasing due to botnet Distributed Denial of Service (DDoS) attacks that threaten the network security operated on the Internet of Things (IoT) platform. Against botnet attacks, security network of the smart factory must improve its defensive capability. Among many security solutions, botnet detection using honeypot has been shown to be effective in early studies. In order to solve the problem of closely monitoring and acquiring botnet attack behaviour, honeypot is a method to detect botnet attackers by intentionally creating resources within the network. As a result, the traced content is recorded in a log file. In addition, these log files are classified quickly with high accuracy with a support of machine learning operation. Hence, productivity is increase, while stability of the smart factory is reinforced. In this study, a botnet detection model was proposed by combining honeypot with machine learning, specifically designed for smart factories. The investigation was carried out in a hardware configuration virtually mimicking a smart factory environment.