IoT botnet-traffic classification using few-shot learning

Di Monda Davide
2024

Abstract

The Internet of Things (IoT) is experiencing a constant expansion, embedding connectivity into everyday objects for increased efficiency. Despite this, security vulnerabilities pose a growing concern because IoT devices often lack robust security measures, leaving room for IoT botnet malware action and underlining the critical need for increased IoT security. In recent years, Machine Learning (ML) and Deep Learning (DL) have offered effective tools against IoT attacks, but these solutions struggle to identify novel threats. In fact, the dynamic nature of IoT ecosystems requires data-driven systems capable of responding promptly to emerging threats, which are characterized by the limited availability of samples for training. In this context, we exploit Few-Shot Learning (FSL) to effectively identify emerging network attacks within the traffic generated by IoT devices by performing botnet-traffic classification. In detail, FSL enables ML and DL models to recognize and adapt to novel classes of attack traffic with minimal available samples, tackling class imbalance issues between high-frequency and low-frequency attacks (which generate high and low network traffic, respectively). This strategic integration of FSL is crucial in enhancing overall IoT security, providing a proactive approach to handle dynamic and imbalanced scenarios, and ensuring the resilience of interconnected systems. The experimental evaluation is conducted on the publicly available IoT-23 dataset. The results highlight that the best FSL approach obtains the highest performance figures with just 3 shots, scoring 92% F1-score when discriminating low-frequency botnet malware. Notably, satisfactory performance (up to 93% F1-score) is also achieved in misuse detection, proving the capability to distinguish between legitimate and malicious traffic.
2024
979-8-3503-2445-7
Botnet-Traffic Classification
Deep Learning
Few-Shot Learning
Internet of Things
Intrusion Detection
Network Security
Files in this item:
File Size Format
_BigCyber__Botnet_TC_Using_FSL.pdf

open access

Type: Post-print document
License: Creative Commons
Size 542.92 kB
Format Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11771/36323
Citations
  • Scopus 6