SUKRY: Suricata IDS with Enhanced kNN Algorithm on Raspberry Pi for Classifying IoT Botnet Attacks

Syamsuddin, Irfan; Barukab, Omar

doi:10.3390/electronics11050737

Cited by 15 publications

(10 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Data characteristics and dimensions: The complexity of managing network traffic data is heightened due to its high-dimensional features and the extensive number of access points within Internet-connected services [26]. In addition, the categorization of botnet intrusions in IoT networks through the KNN algorithm becomes particularly difficult when confronted with voluminous datasets [27]. In the same vein, the prevalence of class imbalance within IoT IDS adversely impacts the efficiency and accuracy of ML models that are developed based on these skewed datasets [28]; • Security vulnerabilities and attacks: Addressing IoT networks' security vulnerabilities and attacks is inherently challenging, especially those that incorporate cloud technologies, as they are prone to various attacks [29].…”

Section: Key Challenges Of Intrusion Detection In Iotmentioning

confidence: 99%

“…Syamsuddin and Barukab [27] improved the KNN algorithm for IoT botnet attack classification by selecting optimal features through a technique named SUKRY, which is part of a Suricata-based IDS. They employed data preprocessing, feature selection, and anomaly classification with KNN.…”

Section: Ensemble and Transfer Learning-basedmentioning

confidence: 99%

“…BoT-IoT dataset: This dataset was created by simulating a real IoT network in UNSW Canberra's Cyber Range Lab used for testing IoT-focused IDS. It has both normal and botnet traffic with 46 features covering different IoT devices, communication protocols, and attack types such as DDoS, DoS, OS and Service Scan, Keylogging and Data exfiltration [27,28,40,59,67,72,75,92].…”

Section: Benchmark Datasetsmentioning

confidence: 99%

See 2 more Smart Citations

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Isong,

Kgote,

Abu-Mahfouz

2024

Electronics

View full text Add to dashboard Cite

The swift explosion of Internet of Things (IoT) devices has brought about a new era of interconnectivity and ease of use while simultaneously presenting significant security concerns. Intrusion Detection Systems (IDS) play a critical role in the protection of IoT ecosystems against a wide range of cyber threats. Despite research advancements, challenges persist in improving IDS detection accuracy, reducing false positives (FPs), and identifying new types of attacks. This paper presents a comprehensive analysis of recent developments in IoT, shedding light on detection methodologies, threat types, performance metrics, datasets, challenges, and future directions. We systematically analyze the existing literature from 2016 to 2023, focusing on both machine learning (ML) and non-ML IDS strategies involving signature, anomaly, specification, and hybrid models to counteract IoT-specific threats. The findings include the deployment models from edge to cloud computing and evaluating IDS performance based on measures such as accuracy, FP rates, and computational costs, utilizing various IoT benchmark datasets. The study also explores methods to enhance IDS accuracy and efficiency, including feature engineering, optimization, and cutting-edge solutions such as cryptographic and blockchain technologies. Equally, it identifies key challenges such as the resource-constrained nature of IoT devices, scalability, and privacy issues and proposes future research directions to enhance IoT-based IDS and overall ecosystem security.

show abstract

Section: Key Challenges Of Intrusion Detection In Iotmentioning

confidence: 99%

Section: Ensemble and Transfer Learning-basedmentioning

confidence: 99%

Section: Benchmark Datasetsmentioning

confidence: 99%

See 1 more Smart Citation

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Isong,

Kgote,

Abu-Mahfouz

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…The features of its backdoor make it possible for additional instructions and functions to be carried out on a machine that has been hacked. Among these operations include verifying the current condition of the infection, removing the bot from IRC [16], coming up with a random username, sending ping attacks, forcing a bot to join a channel, carrying out SYN flood or DDoS attacks, and a great deal more. In the same year, Agobot revealed the concept of a modular staged attack.…”

Section: Related Workmentioning

confidence: 99%

Cybersecurity: BotNet Threat Detection Across the Seven-Layer ISO-OSI Model Using Machine Learning Techniques

Baazeem

2023

cai

View full text Add to dashboard Cite

The Open System Interconnection (OSI) model, consisting of seven layers, has become increasingly important in addressing cyber security issues. The rapid growth of network technology has led to a rise in cyber threats, with botnets taking over fixed and mobile computers. The widespread availability of mobile devices has led to increased app consumption, with 60 % of Android malware containing major or minor botnets. The ease of accessibility of mobile devices has accelerated the adoption of mobile apps in various use cases. This article aims to identify and reduce botnets in operating systems, focusing on identifying them faster and reducing attack impact. The study analyzes botnet characteristics under controlled conditions and creates four traffic flow components across multiple time ranges. Using machine learning, flow vectors are created to identify internet flows as botnet flows or predicted flows. The method uses a combination of Boosted decision tree ensemble classifier, Naive Bayesian statistical classifier, and SVM discriminative classifier to accurately identify both well-known and novel botnets, reducing false positives and improving detection accuracy.

show abstract

“…The classification of geographic areas based on the latitude and longitude coordinates provided by GNSS is a novel research topic [23,24]. KNN represents a conceptual approach to classification (or prediction) that extends into new research areas, as seen in recent studies [32][33][34], which apply KNN in various domains. Our research aligns with this trend.…”

Section: Introductionmentioning

confidence: 99%

An Efficient GNSS Coordinate Classification Strategy with an Adaptive KNN Algorithm for Epidemic Management

Chen,

Kuo

2024

Mathematics

View full text Add to dashboard Cite

In times of widespread epidemics, numerous individuals are at risk of contracting viruses, such as COVID-19, monkeypox, and pneumonia, leading to a ripple effect of impacts on others. Consequently, the Centers for Disease Control (CDC) typically devises strategies to manage the situation by monitoring and tracing the infected individuals and their areas. For convenience, “targets” and “areas” represent the following individuals and areas. A global navigation satellite system (GNSS) can assist in evaluating the located areas of the targets with pointing-in-polygon (PIP) related technology. When there are many targets and areas, relying solely on PIP technology for classification from targets to areas could be more efficient. The classification technique of k-nearest neighbors (KNN) classification is widely utilized across various domains, offering reliable classification accuracy. However, KNN classification requires a certain quantity of targets with areas (training dataset) for execution, and the size of the training dataset and classification time often exhibit an exponential relationship. This study presents a strategy for applying KNN technology to classify targets into areas. Additionally, within the strategy, we propose an adaptive KNN algorithm to enhance the efficiency of the classification procedure.

show abstract

SUKRY: Suricata IDS with Enhanced kNN Algorithm on Raspberry Pi for Classifying IoT Botnet Attacks

Cited by 15 publications

References 52 publications

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Cybersecurity: BotNet Threat Detection Across the Seven-Layer ISO-OSI Model Using Machine Learning Techniques

An Efficient GNSS Coordinate Classification Strategy with an Adaptive KNN Algorithm for Epidemic Management

Contact Info

Product

Resources

About