Author:
Mumtaz Syeda Lamiya, Syed Hassan Jamil, Al-Ani Ayman, Fatah Salmah, Al-Ani Ahmed K., Khan Azeem
Abstract
The ubiquity of Internet of Things (IoT) devices has prompted security concerns, particularly in the face of evolving botnet attacks. This paper investigates the impact of botnet attacks on IoT devices and proposes a network-based detection and prevention system employing signature- and anomaly-based mechanisms. Notably, our methodology extends beyond traditional detection, focusing on proactively impeding bot creation. Leveraging a Linux-based distributed system, Security Information and Event Management (SIEM) tools, and custom rules, our approach encompasses four distinct phases: Preprocessing, Network Security Monitoring, Rule-based IDS System, and Analysis. Experimental results with diverse PCAP files demonstrate the efficacy of custom rules, significantly enhancing alert counts for various security aspects, including network trojan detection and privacy violations. The significant finding is the substantial increase in alert counts after the integration of custom rules, exemplified in the 1.1 GB PCAP file scenario. Network trojan detection surged from 585 to 988, emphasizing the heightened efficacy of rule-based measures. Privacy breaches and bad traffic alerts also experienced significant increments, showcasing the system’s improved sensitivity and responsiveness. This finding reinforces the pivotal role of custom rules in fortifying IoT network security comprehensively.
Cited by
1 article.