Date of Graduation


Document Type

Problem/Project Report

Degree Type



Statler College of Engineering and Mineral Resources


Lane Department of Computer Science and Electrical Engineering

Committee Chair

Katerina Goseva-Popstojanova

Committee Member

Roy Nutter

Committee Member

Thomas Devine


Although desktops and laptops have historically composed the bulk of botnet nodes, Internet of Things (IoT) devices have become more recent targets. Lightbulbs, outdoor cameras, watches, and many other small items are connected to WiFi and each other; and few have well-developed security or hardening. Research on botnets typically leverages honeypots, PCAPs, and network traffic analysis tools to develop detection models. The research questions addressed in this Problem Report are: (1) What machine learning algorithm performs the best in a binary classification task for a representative dataset of malicious and benign IoT traffic; and (2) What features have the most predictive power? This research showed that the best performing algorithms were Random Forest with accuracy of 97.45% and F1 score of 97.39%; and the Linear SVM with a recall score of 99.90%. The most important features for the classification were: time of day, history, protocol, and count of origin bytes sent. Of these, time of day and volume of traffic coming from the same IP addresses are consistent for port scanning, infection, and distributed denial of service attacks.


I believe I addressed all of the issues in your email. Thank you for the links.