Statler College of Engineering and Mineral Resources
Lane Department of Computer Science and Electrical Engineering
Although desktops and laptops have historically composed the bulk of botnet nodes, Internet of Things (IoT) devices have more recently become targets. Lightbulbs, outdoor cameras, watches, and many other small items are connected to WiFi and to each other, and few have well-developed security or hardening. Research on botnets typically leverages honeypots, PCAPs, and network traffic analysis tools to develop detection models. The research questions addressed in this Problem Report are: (1) Which machine learning algorithm performs best in a binary classification task on a representative dataset of malicious and benign IoT traffic? and (2) Which features have the most predictive power? This research showed that the best-performing algorithms were Random Forest, with an accuracy of 97.45% and an F1 score of 97.39%, and the Linear SVM, with a recall score of 99.90%. The most important features for the classification were time of day, history, protocol, and count of origin bytes sent. Of these, time of day and volume of traffic coming from the same IP addresses are consistent for port scanning, infection, and distributed denial of service attacks.
Austin, Michael, "IoT Malicious Traffic Classification Using Machine Learning" (2021). Graduate Theses, Dissertations, and Problem Reports. 8024.