Authors: | Jovanović, Đorđe; Vuletić, Pavle |
Affiliations: | Computer Science Mathematical Institute of the Serbian Academy of Sciences and Arts |
Title: | Machine learning pipelines for IoT botnet detection and behavior characterization in heavily imbalanced settings |
Journal: | Signal, Image and Video Processing |
Volume: | 19 |
First page: | 254 |
Issue Date: | 2025 |
Rank: | ~M22 |
ISSN: | 1863-1703 |
DOI: | 10.1007/s11760-025-03813-5 |
Abstract: | This paper presents a new methodology for IoT botnet detection based on network intra-flow parameter time series analysis and supervised machine learning classification. The study focuses on time series feature extraction and machine learning pipeline improvements and methods to solve the problem of heavily imbalanced datasets, characteristic of many information security use cases. Another side result is the inference of key distinguishing malware behavior features that make them detectable with large precision. The research is based on real-world IoT malware dynamic behavior analysis. The samples were collected over 4 years (2019–2023), presenting one of the most recent IoT malware datasets and a unique long-term malware behavior analysis. The analysis suggests the type and rate of changes in IoT botnet malware behavior and some invariant features that can be used to reliably detect even previously unseen malware samples (so-called zero-day cases). Presented experimental results prove that the synthetic sample generation methodologies used in this study do not overfit the classifiers, but can detect zero-day malware samples with 0.9706 accuracy and 0.9041 f1 score. |
Keywords: | IoT botnet | Imbalanced datasets | Zero-day detection |
Publisher: | Springer Link |
Project: | This research was partially financially supported by the Ministry of Science, Technological Development, and Innovation of the Republic of Serbia (Contract No. 451-03-68/2024-03/200103). |
Files in This Item:
File | Description | Size | Format
---|---|---|---
DJovanovic.pdf | | 499.84 kB | Adobe PDF
This item is licensed under a Creative Commons License