Knox: Lightweight Machine Learning Approaches for Automated Detection of Botnet Attacks

With an advancement in technology, the Internet of Things (IoT) has penetrated various domains such as smart buildings, intelligent transportation systems, healthcare, smart parking, air quality monitoring, water contamination identification, and supply chain owing to its ubiquitous nature. IoT devices periodically collect the data and send it to the gateway or server for pre-processing. However, the security offered in the IoT devices or gateways are still in a nascent stage. An Intrusion Detection System (IDS) meant for detecting the cyber threats on IoT should intercept most threats with minimum latency and yet be lightweight in nature. IoT devices also have low memory footprint which makes them resource constrained. This paper presents a framework built using a three-tier IoT architecture that successfully detects most attacks using machine learning approaches with an accuracy of 99%. Machine learning approaches are fed data using Apache Kafka to REST API. Sampling methods such as undersampling and adaptive synthetic sampling are applied to balance the imbalanced nature of the dataset. We examined the robustness of the approach using different samples with varying sizes and varying dimensions. Experimental results depict a superior performance of random forest over other approaches in terms of speed and accuracy.