Machine Learning-Based Detection of Mirai and Bashlite Botnets in IoT Networks
Keywords:
IoT Botnet Detection, Machine Learning, Bashlite Botnet, Mirai Botnet, N-BaIoT Dataset
Abstract
The growth of IoT devices has led to more botnet attacks, such as those by the Mirai botnet, which is a major cause of distributed denial of service (DDoS) attacks. Mirai gained notoriety for its involvement in large-scale attacks that compromised numerous IoT devices through weak authentication credentials. Similarly, Bashlite, also known as Bash0day or Lizkebab, targets vulnerable IoT devices by exploiting the Shellshock vulnerability in Linux-based systems. These botnets leverage compromised devices to carry out malicious activities and propagate malware. Machine Learning (ML) methods have been proposed to detect botnets, but detecting both Mirai and Bashlite botnets at the same time is difficult because their attack patterns are different. Our detection method implements Random Forest (RF), Support Vector Machine (SVM) and Logistic Regression (LR) based detectors for Mirai and Bashlite botnets. This study used the N-BaIoT dataset to train these algorithms in order to detect the best features that distinguish botnet attacks on Internet of Things (IoT) devices. In this research we used two infected devices against five protocols. All of the machine learning algorithms used are reasonably accurate, as their test validation accuracy was greater than 99%, although Random Forest seemed to work the best.
License
This is an Open Access article published by Research Center of Computing & Biomedical Informatics (RCBI), Lahore, Pakistan under a CC BY 4.0 International License.